package se.swedenconnect.opensaml.xmlsec.encryption.support;

import java.util.stream.Stream;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.opensaml.core.config.ConfigurationService;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.Credential;
import org.opensaml.xmlsec.EncryptionConfiguration;
import org.opensaml.xmlsec.EncryptionParameters;
import org.opensaml.xmlsec.algorithm.AlgorithmRegistry;
import org.opensaml.xmlsec.algorithm.AlgorithmSupport;
import org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters;
import org.opensaml.xmlsec.keyinfo.KeyInfoGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.swedenconnect.opensaml.security.credential.KeyAgreementCredential;
import se.swedenconnect.opensaml.xmlsec.BasicExtendedEncryptionConfiguration;
import se.swedenconnect.opensaml.xmlsec.algorithm.ExtendedAlgorithmSupport;
import se.swedenconnect.opensaml.xmlsec.config.ExtendedDefaultSecurityConfigurationBootstrap;
import se.swedenconnect.opensaml.xmlsec.encryption.ConcatKDFParams;
import se.swedenconnect.opensaml.xmlsec.encryption.KeyDerivationMethod;
import se.swedenconnect.opensaml.xmlsec.keyinfo.KeyAgreementKeyInfoGeneratorFactory;

/* loaded from: input_file:se/swedenconnect/opensaml/xmlsec/encryption/support/ECDHKeyAgreementParameters.class */
public class ECDHKeyAgreementParameters extends KeyEncryptionParameters {
    private static final Logger log = LoggerFactory.getLogger(ECDHKeyAgreementParameters.class);
    private String keyDerivationAlgorithm;
    private ConcatKDFParameters concatKDFParameters;
    private KeyAgreementCredential keyAgreementCredential;
    private boolean keyAgreementCredentialAssigned;

    public ECDHKeyAgreementParameters() {
        this.keyAgreementCredentialAssigned = false;
        BasicExtendedEncryptionConfiguration buildDefaultEncryptionConfiguration = ExtendedDefaultSecurityConfigurationBootstrap.buildDefaultEncryptionConfiguration((EncryptionConfiguration) ConfigurationService.get(EncryptionConfiguration.class));
        Stream stream = buildDefaultEncryptionConfiguration.getKeyTransportEncryptionAlgorithms().stream();
        AlgorithmRegistry globalAlgorithmRegistry = AlgorithmSupport.getGlobalAlgorithmRegistry();
        globalAlgorithmRegistry.getClass();
        setAlgorithm((String) stream.map(globalAlgorithmRegistry::get).filter(ExtendedAlgorithmSupport::isKeyWrappingAlgorithm).map((v0) -> {
            return v0.getURI();
        }).findFirst().orElse(null));
        setKeyDerivationAlgorithm(buildDefaultEncryptionConfiguration.getKeyDerivationAlgorithms().stream().findFirst().orElse(null));
        setConcatKDFParameters(buildDefaultEncryptionConfiguration.getConcatKDFParameters());
    }

    public ECDHKeyAgreementParameters(EncryptionParameters encryptionParameters, String str) {
        super(encryptionParameters, str);
        this.keyAgreementCredentialAssigned = false;
        if (encryptionParameters.getKeyTransportEncryptionCredential() == null || !KeyAgreementCredential.class.isInstance(encryptionParameters.getKeyTransportEncryptionCredential())) {
            return;
        }
        setKeyAgreementCredential(encryptionParameters.getKeyTransportEncryptionCredential());
    }

    public Credential getKeyAgreementCredential() {
        if (this.keyAgreementCredential != null) {
            return this.keyAgreementCredential;
        }
        log.debug("Generating key agreement credential ...");
        if (getPeerCredential() == null) {
            log.info("Could not generate key agreement credential - peer credential is missing");
            return null;
        }
        try {
            KeyDerivationMethod keyDerivationMethod = (KeyDerivationMethod) XMLObjectSupport.buildXMLObject(KeyDerivationMethod.DEFAULT_ELEMENT_NAME);
            keyDerivationMethod.setAlgorithm(this.keyDerivationAlgorithm);
            if (this.concatKDFParameters != null) {
                keyDerivationMethod.getUnknownXMLObjects().add(this.concatKDFParameters.toXMLObject());
            }
            this.keyAgreementCredential = ECDHSupport.createKeyAgreementCredential(getPeerCredential(), getAlgorithm(), keyDerivationMethod);
            log.debug("Key agreement credential successfully generated");
            this.keyAgreementCredentialAssigned = false;
            return this.keyAgreementCredential;
        } catch (SecurityException e) {
            log.error("Failed to generate KeyAgreementCredential - {}", e.getMessage(), e);
            return null;
        }
    }

    public void setKeyAgreementCredential(Credential credential) {
        Constraint.isTrue(KeyAgreementCredential.class.isInstance(credential), "Supplied credential must be a keyAgreementCredential");
        this.keyAgreementCredential = (KeyAgreementCredential) KeyAgreementCredential.class.cast(credential);
        this.keyAgreementCredentialAssigned = true;
    }

    public Credential getEncryptionCredential() {
        return getKeyAgreementCredential();
    }

    public void setEncryptionCredential(Credential credential) {
        setPeerCredential(credential);
    }

    public Credential getPeerCredential() {
        return super.getEncryptionCredential();
    }

    public void setPeerCredential(Credential credential) {
        super.setEncryptionCredential(credential);
        if (this.keyAgreementCredentialAssigned || this.keyAgreementCredential == null) {
            return;
        }
        this.keyAgreementCredential = null;
    }

    public KeyInfoGenerator getKeyInfoGenerator() {
        KeyInfoGenerator keyInfoGenerator = super.getKeyInfoGenerator();
        if (keyInfoGenerator == null || KeyAgreementKeyInfoGeneratorFactory.KeyAgreementKeyInfoGenerator.class.isInstance(keyInfoGenerator)) {
            keyInfoGenerator = ExtendedDefaultSecurityConfigurationBootstrap.buildDefaultKeyAgreementKeyInfoGeneratorFactory().newInstance();
        }
        return keyInfoGenerator;
    }

    public String getKeyDerivationAlgorithm() {
        if (this.keyAgreementCredential != null) {
            return this.keyAgreementCredential.getKeyDerivationMethod().getAlgorithm();
        }
        return null;
    }

    public void setKeyDerivationAlgorithm(String str) {
        Constraint.isTrue(EcEncryptionConstants.ALGO_ID_KEYDERIVATION_CONCAT.equals(str), String.format("The only supported key derivation algorithm is '%s'", EcEncryptionConstants.ALGO_ID_KEYDERIVATION_CONCAT));
        this.keyDerivationAlgorithm = str;
        if (this.keyAgreementCredentialAssigned || this.keyAgreementCredential == null) {
            return;
        }
        this.keyAgreementCredential = null;
    }

    public ConcatKDFParameters getConcatKDFParameters() {
        if (this.keyAgreementCredential != null) {
            Stream stream = this.keyAgreementCredential.getKeyDerivationMethod().getUnknownXMLObjects(ConcatKDFParams.DEFAULT_ELEMENT_NAME).stream();
            Class<ConcatKDFParams> cls = ConcatKDFParams.class;
            ConcatKDFParams.class.getClass();
            ConcatKDFParams concatKDFParams = (ConcatKDFParams) stream.map((v1) -> {
                return r1.cast(v1);
            }).findFirst().orElse(null);
            if (concatKDFParams != null) {
                return new ConcatKDFParameters(concatKDFParams);
            }
        }
        return this.concatKDFParameters;
    }

    public void setConcatKDFParameters(ConcatKDFParameters concatKDFParameters) {
        this.concatKDFParameters = concatKDFParameters;
    }
}
